开发者

Authorization in ASP.NET 4

I have a site which is running in ASP.NET 4.0, on Windows 7 Ultimate.

It is using FormsAuthentication, with a nice little logon page, all of which is fine so far as logging in and authenticating.

What is NOT working okay though is directory authorization overriding in sub-directories.

I want both authenticated and non-authenticated users to have access to the inc and images directories, so that the login page can be properly CSS-styled and have the logo and such on the top.

Okay, easy enough, right? I tried allowing anonymous access to these folders both by a <location> tag in the root web.config as so:

<location path="images">
    <system.web>
        <authorization>
            <allow users="*,?" />
        </authorization>
    </system.web>
</location>

as well as individual web.config file in the target directories as so:

<开发者_如何学编程?xml version="1.0"?>
<configuration>
    <system.web>
        <authorization>
            <allow users="*,?" />
        </authorization>
    </system.web>
</configuration>

but for some reason it is not allowing the anonymous user into those directories. I've verified it has to do with authorization by trying to go directly to one of the image's URLs and it fails. But after logging in I can pull it up just fine.

Was something changed in .NET 4.0 with regards to authorization that this would not be working? I've done the same exact thing in 2.0 and 3.5 sites with no problem.


Figured this out. I had moved my web site directory from the default. And although IIS had given the IIS_IUSERS group permission to that directory it for some reason did not give the IUSR user rights to the directory. Added him on manually, and BOOM, it worked!

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜